├── LICENSE ├── README.md └── frida-python-bindings-example ├── example-1 ├── cipher.js └── test.py ├── example-2 ├── cipher.js └── test.py ├── example-3 ├── cipher.js └── test.py ├── example-4 ├── cipher.js └── test.py └── example-5 ├── cipher.js └── test.py /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Kc57 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Blog Post Files 2 | This repository hosts the various code snippets and examples that go with my blog posts. 
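3 |
--------------------------------------------------------------------------------
/frida-python-bindings-example/example-1/cipher.js:
--------------------------------------------------------------------------------
// The directive has to be the exact string 'use strict' (semicolon outside the
// quotes); otherwise it is a plain string expression and strict mode stays off.
'use strict';

// Hooks javax.crypto.Cipher.init(int, Key) and logs its arguments to the Frida
// console before handing control back to the original method.
// Only this two-argument overload is hooked; calls made through the other
// Cipher.init overloads are not reported.
if (Java.available) {
    Java.perform(function () {

        // Cipher stuff
        const Cipher = Java.use('javax.crypto.Cipher');

        Cipher.init.overload('int', 'java.security.Key').implementation = function (opmode, key) {

            console.log('[+] Entering Cipher.init()');
            console.log('[ ] opmode: ' + opmode);
            console.log('[ ] key: ' + key.toString());
            console.log('[-] Leaving Cipher.init()');
            console.log('');

            // call original init method
            this.init.overload('int', 'java.security.Key').call(this, opmode, key);
        };

    });
}
--------------------------------------------------------------------------------
/frida-python-bindings-example/example-1/test.py:
--------------------------------------------------------------------------------
import frida
import os
import sys
import argparse


def parse_hook(filename):
    """Read the Frida script at *filename* and load it into the session.

    Relies on the module-level ``session`` that the ``__main__`` block
    creates before calling this function.
    """
    print('[*] Parsing hook: ' + filename)
    # The context manager closes the file handle once the source is read.
    with open(filename, 'r') as hook:
        source = hook.read()
    script = session.create_script(source)
    script.load()


if __name__ == '__main__':
    try:
        parser = argparse.ArgumentParser()
        parser.add_argument('package', help='Spawn a new process and attach')
        parser.add_argument('script', help='Frida script to execute')
        args = parser.parse_args()

        print('[*] Spawning ' + args.package)
        # Resolve the USB device once and reuse it for spawn/attach/resume.
        device = frida.get_usb_device()
        pid = device.spawn(args.package)
        session = device.attach(pid)
        # The hook is loaded before resume() so that it is in place when the
        # spawned process starts running.
        parse_hook(args.script)
        device.resume(pid)
        print('')
        # Block on stdin so the script keeps running until EOF or Ctrl-C.
        sys.stdin.read()

    except KeyboardInterrupt:
        sys.exit(0)
--------------------------------------------------------------------------------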
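/frida-python-bindings-example/example-2/cipher.js:
--------------------------------------------------------------------------------
// The directive has to be the exact string 'use strict' (semicolon outside the
// quotes); otherwise it is a plain string expression and strict mode stays off.
'use strict';

// Hooks javax.crypto.Cipher.init(int, Key) and reports its arguments to the
// host with send() instead of writing them to the Frida console.
// Only this two-argument overload is hooked; calls made through the other
// Cipher.init overloads are not reported.
if (Java.available) {
    Java.perform(function () {

        // Cipher stuff
        const Cipher = Java.use('javax.crypto.Cipher');

        Cipher.init.overload('int', 'java.security.Key').implementation = function (opmode, key) {

            send('Entering Cipher.init()');
            send('opmode: ' + opmode);
            send('key: ' + key);
            send('Leaving Cipher.init()');
            //console.log('');

            // call original init method
            this.init.overload('int', 'java.security.Key').call(this, opmode, key);
        };

    });
}
--------------------------------------------------------------------------------
/frida-python-bindings-example/example-2/test.py:
--------------------------------------------------------------------------------
import frida
import os
import sys
import argparse


def on_message(message, data):
    """Print every non-empty message received from the injected script.

    Args:
        message: message object delivered by Frida for the 'message' event.
        data: second callback argument; unused here.
    """
    try:
        if message:
            print(message)

    except Exception as e:
        # str() is required: concatenating the exception object itself raises
        # TypeError inside the handler and hides the original error.
        print('exception: ' + str(e))


def parse_hook(filename):
    """Read the Frida script at *filename*, register on_message and load it.

    Relies on the module-level ``session`` that the ``__main__`` block
    creates before calling this function.
    """
    print('[*] Parsing hook: ' + filename)
    # The context manager closes the file handle once the source is read.
    with open(filename, 'r') as hook:
        source = hook.read()
    script = session.create_script(source)
    # Register the callback before load() so no early message is missed.
    script.on('message', on_message)
    script.load()


if __name__ == '__main__':
    try:
        parser = argparse.ArgumentParser()
        parser.add_argument('package', help='Spawn a new process and attach')
        parser.add_argument('script', help='Frida script to execute')
        args = parser.parse_args()

        print('[*] Spawning ' + args.package)
        # Resolve the USB device once and reuse it for spawn/attach/resume.
        device = frida.get_usb_device()
        pid = device.spawn(args.package)
        session = device.attach(pid)
        # The hook is loaded before resume() so that it is in place when the
        # spawned process starts running.
        parse_hook(args.script)
        device.resume(pid)
        print('')
        # Block on stdin so the script keeps running until EOF or Ctrl-C.
        sys.stdin.read()

    except KeyboardInterrupt:
        sys.exit(0)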
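--------------------------------------------------------------------------------
/frida-python-bindings-example/example-3/cipher.js:
--------------------------------------------------------------------------------
// The directive has to be the exact string 'use strict' (semicolon outside the
// quotes); otherwise it is a plain string expression and strict mode stays off.
'use strict';

// Hooks javax.crypto.Cipher.init(int, Key) and sends one structured message per
// call: the hooked method name plus a list of {name, value} argument entries.
// Only this two-argument overload is hooked; calls made through the other
// Cipher.init overloads are not reported.
if (Java.available) {
    Java.perform(function () {

        // Cipher stuff
        const Cipher = Java.use('javax.crypto.Cipher');

        Cipher.init.overload('int', 'java.security.Key').implementation = function (opmode, key) {

            var args = [];
            args.push({'name': 'opmode', 'value': opmode});
            args.push({'name': 'key', 'value': key.toString()});

            var send_message = {
                'method': 'javax.crypto.Cipher.init',
                'args': args
            };

            send(send_message);

            // call original init method
            this.init.overload('int', 'java.security.Key').call(this, opmode, key);
        };

    });
}
--------------------------------------------------------------------------------
/frida-python-bindings-example/example-3/test.py:
--------------------------------------------------------------------------------
import frida
import os
import sys
import argparse


def on_message(message, data):
    """Print every non-empty message received from the injected script.

    Args:
        message: message object delivered by Frida for the 'message' event.
        data: second callback argument; unused here.
    """
    try:
        if message:
            print(message)
            # if message['type'] == 'send':
            #     print('[ ] Received message in python: {0}'.format(message['payload']))

    except Exception as e:
        # str() is required: concatenating the exception object itself raises
        # TypeError inside the handler and hides the original error.
        print('exception: ' + str(e))


def parse_hook(filename):
    """Read the Frida script at *filename*, register on_message and load it.

    Relies on the module-level ``session`` that the ``__main__`` block
    creates before calling this function.
    """
    print('[*] Parsing hook: ' + filename)
    # The context manager closes the file handle once the source is read.
    with open(filename, 'r') as hook:
        source = hook.read()
    script = session.create_script(source)
    # Register the callback before load() so no early message is missed.
    script.on('message', on_message)
    script.load()


if __name__ == '__main__':
    try:
        parser = argparse.ArgumentParser()
        parser.add_argument('package', help='Spawn a new process and attach')
        parser.add_argument('script', help='Frida script to execute')
        args = parser.parse_args()

        print('[*] Spawning ' + args.package)
        # Resolve the USB device once and reuse it for spawn/attach/resume.
        device = frida.get_usb_device()
        pid = device.spawn(args.package)
        session = device.attach(pid)
        # The hook is loaded before resume() so that it is in place when the
        # spawned process starts running.
        parse_hook(args.script)
        device.resume(pid)
        print('')
        # Block on stdin so the script keeps running until EOF or Ctrl-C.
        sys.stdin.read()

    except KeyboardInterrupt:
        sys.exit(0)
--------------------------------------------------------------------------------
/frida-python-bindings-example/example-4/cipher.js:
--------------------------------------------------------------------------------
// The directive has to be the exact string 'use strict' (semicolon outside the
// quotes); otherwise it is a plain string expression and strict mode stays off.
'use strict';

// Hooks javax.crypto.Cipher.init(int, Key) and sends one structured message per
// call: method name, {name, value} argument entries and a 'details' list with
// the cipher's algorithm string.
// Only this two-argument overload is hooked; calls made through the other
// Cipher.init overloads are not reported.
if (Java.available) {
    Java.perform(function () {

        // Cipher stuff
        const Cipher = Java.use('javax.crypto.Cipher');

        Cipher.init.overload('int', 'java.security.Key').implementation = function (opmode, key) {

            var args = [];
            var details = [];

            var opmodeString = this.getOpmodeString(opmode);
            var algo = this.getAlgorithm();

            args.push({'name': 'opmode', 'value': opmodeString});
            // Only the key's class name is reported, not the key object itself.
            args.push({'name': 'key', 'value': key.$className});

            // The value is the result of getAlgorithm(), so label it as such
            // (it was previously labelled 'key', duplicating the argument name).
            details.push({'name': 'algorithm', 'value': algo});

            var send_message = {
                'method': 'javax.crypto.Cipher.init',
                'args': args,
                'details': details
            };

            send(send_message);

            // call original init method
            this.init.overload('int', 'java.security.Key').call(this, opmode, key);
        };

    });
}
--------------------------------------------------------------------------------
/frida-python-bindings-example/example-4/test.py:
--------------------------------------------------------------------------------
import frida
import os
import sys
import argparse


def on_message(message, data):
    """Pretty-print 'send' messages produced by the hook script.

    The payload is expected to be a dict with 'method', 'args' and
    (optionally) 'details', the latter two being lists of
    ``{'name': ..., 'value': ...}`` entries. Messages of any other type,
    including 'error', are ignored by this handler.

    Args:
        message: message object delivered by Frida for the 'message' event.
        data: second callback argument; unused here.
    """
    try:
        if message:
            if message['type'] == 'send':
                payload = message['payload']
                method = payload['method']
                args = payload['args']
                # A hook that sends no 'details' list is still printed.
                details = payload.get('details', [])
                # print('[ ] {0}'.format(message['payload']))
                print('[+] Method: {0}'.format(method))

                print('[ ] Arguments:')
                for item in args:
                    print('[ ] {0}: {1}'.format(item['name'], item['value']))

                print('[ ] Additional Details:')
                for item in details:
                    print('[ ] {0}: {1}'.format(item['name'], item['value']))

                print('')

    except Exception as e:
        # str() is required: concatenating the exception object itself raises
        # TypeError inside the handler and hides the original error.
        print('exception: ' + str(e))


def parse_hook(filename):
    """Read the Frida script at *filename*, register on_message and load it.

    Relies on the module-level ``session`` that the ``__main__`` block
    creates before calling this function.
    """
    print('[*] Parsing hook: ' + filename)
    # The context manager closes the file handle once the source is read.
    with open(filename, 'r') as hook:
        source = hook.read()
    script = session.create_script(source)
    # Register the callback before load() so no early message is missed.
    script.on('message', on_message)
    script.load()


if __name__ == '__main__':
    try:
        parser = argparse.ArgumentParser()
        parser.add_argument('package', help='Spawn a new process and attach')
        parser.add_argument('script', help='Frida script to execute')
        args = parser.parse_args()

        print('[*] Spawning ' + args.package)
        # Resolve the USB device once and reuse it for spawn/attach/resume.
        device = frida.get_usb_device()
        pid = device.spawn(args.package)
        session = device.attach(pid)
        # The hook is loaded before resume() so that it is in place when the
        # spawned process starts running.
        parse_hook(args.script)
        device.resume(pid)
        print('')
        # Block on stdin so the script keeps running until EOF or Ctrl-C.
        sys.stdin.read()

    except KeyboardInterrupt:
        sys.exit(0)
--------------------------------------------------------------------------------
/frida-python-bindings-example/example-5/cipher.js:
--------------------------------------------------------------------------------
// The directive has to be the exact string 'use strict' (semicolon outside the
// quotes); otherwise it is a plain string expression and strict mode stays off.
'use strict';

// Hooks javax.crypto.Cipher.init(int, Key) and sends one structured message per
// call. For AndroidKeyStore RSA keys the 'details' list additionally carries
// key metadata (alias, size, hardware backing) and the public modulus /
// exponent; no private key material is read here.
// Only this two-argument overload is hooked; calls made through the other
// Cipher.init overloads are not reported.
if (Java.available) {
    Java.perform(function () {

        const Cipher = Java.use('javax.crypto.Cipher');
        const AndroidKeyStoreKey = Java.use('android.security.keystore.AndroidKeyStoreKey');
        const AndroidKeyStoreRSAPublicKey = Java.use('android.security.keystore.AndroidKeyStoreRSAPublicKey');
        const AndroidKeyStoreRSAPrivateKey = Java.use('android.security.keystore.AndroidKeyStoreRSAPrivateKey');

        const KeyFactory = Java.use('java.security.KeyFactory');
        const KeyInfo = Java.use('android.security.keystore.KeyInfo');

        Cipher.init.overload('int', 'java.security.Key').implementation = function (opmode, key) {

            var args = [];
            var details = [];

            var opmodeString = this.getOpmodeString(opmode);
            var algo = this.getAlgorithm();

            args.push({'name': 'opmode', 'value': opmodeString});
            // Only the key's class name is reported, not the key object itself.
            args.push({'name': 'key', 'value': key.$className});

            // The value is the result of getAlgorithm(), so label it as such
            // (it was previously labelled 'key', duplicating the argument name).
            details.push({'name': 'algorithm', 'value': algo});

            if (key.$className === 'android.security.keystore.AndroidKeyStoreRSAPublicKey') {
                // Cast to the concrete wrapper types to reach their accessors.
                var pub_key = Java.cast(key, AndroidKeyStoreRSAPublicKey);
                var keystoreKey = Java.cast(key, AndroidKeyStoreKey);

                details.push({'name': 'AndroidKeyStoreKey.getAlias()', 'value': keystoreKey.getAlias()});
                details.push({'name': 'key.getPublicExponent()', 'value': pub_key.getPublicExponent().toString()});
                details.push({'name': 'key.getModulus()', 'value': pub_key.getModulus().toString()});
            }

            if (key.$className === 'android.security.keystore.AndroidKeyStoreRSAPrivateKey') {
                var priv_key = Java.cast(key, AndroidKeyStoreRSAPrivateKey);

                // KeyInfo is obtained through the AndroidKeyStore KeyFactory and
                // describes the key (alias, size, hardware backing).
                var factory = KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore");
                var keyInfo = Java.cast(factory.getKeySpec(key, KeyInfo.class), KeyInfo);

                details.push({'name': 'keyInfo.getKeystoreAlias()', 'value': keyInfo.getKeystoreAlias()});
                details.push({'name': 'keyInfo.getKeySize()', 'value': keyInfo.getKeySize().toString()});
                details.push({'name': 'keyInfo.isInsideSecureHardware()', 'value': keyInfo.isInsideSecureHardware().toString()});

                details.push({'name': 'key.getModulus()', 'value': priv_key.getModulus().toString()});
            }

            var send_message = {
                'method': 'javax.crypto.Cipher.init',
                'args': args,
                'details': details
            };

            send(send_message);

            // call original init method
            this.init.overload('int', 'java.security.Key').call(this, opmode, key);
        };

    });
}
--------------------------------------------------------------------------------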
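/frida-python-bindings-example/example-5/test.py:
--------------------------------------------------------------------------------
import frida
import os
import sys
import argparse


def on_message(message, data):
    """Pretty-print 'send' and 'error' messages from the hook script.

    A 'send' payload is expected to be a dict with 'method', 'args' and
    (optionally) 'details', the latter two being lists of
    ``{'name': ..., 'value': ...}`` entries. For an 'error' message every
    key/value pair of the message is printed, so an exception raised inside
    the injected script is visible on the host.

    Args:
        message: message object delivered by Frida for the 'message' event.
        data: second callback argument; unused here.
    """
    try:
        if message:
            if message['type'] == 'send':
                payload = message['payload']
                method = payload['method']
                args = payload['args']
                # A hook that sends no 'details' list is still printed.
                details = payload.get('details', [])
                # print('[ ] {0}'.format(message['payload']))
                print('[+] Method: {0}'.format(method))

                print('[ ] Arguments:')
                for item in args:
                    print('[ ] {0}: {1}'.format(item['name'], item['value']))

                print('[ ] Additional Details:')
                for item in details:
                    print('[ ] {0}: {1}'.format(item['name'], item['value']))

                print('')

            elif message['type'] == 'error':
                for key, value in message.items():
                    print('[X] {0}: {1}'.format(key, value))

    except Exception as e:
        # str() is required: concatenating the exception object itself raises
        # TypeError inside the handler and hides the original error.
        print('exception: ' + str(e))


def parse_hook(filename):
    """Read the Frida script at *filename*, register on_message and load it.

    Relies on the module-level ``session`` that the ``__main__`` block
    creates before calling this function.
    """
    print('[*] Parsing hook: ' + filename)
    # The context manager closes the file handle once the source is read.
    with open(filename, 'r') as hook:
        source = hook.read()
    script = session.create_script(source)
    # Register the callback before load() so no early message is missed.
    script.on('message', on_message)
    script.load()


if __name__ == '__main__':
    try:
        parser = argparse.ArgumentParser()
        parser.add_argument('package', help='Spawn a new process and attach')
        parser.add_argument('script', help='Frida script to execute')
        args = parser.parse_args()

        print('[*] Spawning ' + args.package)
        # Resolve the USB device once and reuse it for spawn/attach/resume.
        device = frida.get_usb_device()
        pid = device.spawn(args.package)
        session = device.attach(pid)
        # The hook is loaded before resume() so that it is in place when the
        # spawned process starts running.
        parse_hook(args.script)
        device.resume(pid)
        print('')
        # Block on stdin so the script keeps running until EOF or Ctrl-C.
        sys.stdin.read()

    except KeyboardInterrupt:
        sys.exit(0)
--------------------------------------------------------------------------------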